mono -- TLS bugs

Details

VuXML ID

c0cae920-c4e9-11e4-898e-90e6ba741e35

Discovery

2015-03-06

Entry

2015-03-07

The Mono project reports:

Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post.

Mono’s implementation of SSL/TLS also contained support for the weak EXPORT cyphers and was susceptible to the FREAK attack.